1. Finding Installed and Available CVEs
To find installed packages and their associated CVEs, you can use the following command:
# dpkg -l | grep '^ii' | awk '{print $2}' | xargs -I{} apt-get changelog {} | grep -i CVE
This command lists installed packages and searches for CVEs in their changelogs. It uses `dpkg` to get the list of installed packages and then uses `apt-get changelog` to display the changelog for each package, filtering for lines containing the term "CVE."
2. Retrieving Changelogs for a Specific CVE
To retrieve changelogs for a specific CVE, you can use the following command:
# apt-get changelog package-name | grep -i cve-id
Replace "package-name" with the name of the package you want to check, and replace "cve-id" with the desired CVE identifier (e.g., CVE-2020-14145). This command will display changelog entries related to the specified CVE.
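The commands in steps 1 and 2 print matching changelog lines without saying which package version each line belongs to. The following is an added example, not part of the original article: it reads the changelog entry headers so that every CVE is attributed to a package and version. The helper names (cve_map, first_seen, sample_changelog) and the sample changelog with its placeholder package, versions and CVE ids are constructed for illustration.

```shell
# Added example: helper names and the sample changelog are constructed for
# illustration (placeholder package, versions and CVE ids).
sample_changelog() {
cat <<'EOF'
examplepkg (1.2-3ubuntu0.3) jammy-security; urgency=medium
  * SECURITY UPDATE: heap overflow in parser
    - debian/patches/CVE-2099-0002.patch: bound the copy length
    - CVE-2099-0002

examplepkg (1.2-3ubuntu0.2) jammy-security; urgency=medium
  * SECURITY REGRESSION: follow-up fix for cve-2099-0001

examplepkg (1.2-3ubuntu0.1) jammy-security; urgency=medium
  * SECURITY UPDATE: path traversal in archive extraction
    - CVE-2099-0001
EOF
}

# cve_map: changelog on stdin -> unique "CVE<TAB>package<TAB>version" lines.
cve_map() {
    awk '
    # Entry header: "package (version) pocket; urgency=..."
    /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
        pkg = $1; ver = $2; gsub(/[()]/, "", ver); next
    }
    {
        line = toupper($0)   # case-insensitive, like grep -i
        # No {n} intervals in the regex: older mawk builds lack them.
        while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]+/)) {
            id = substr(line, RSTART, RLENGTH)
            if (!((id, pkg, ver) in seen)) {
                seen[id, pkg, ver] = 1
                print id "\t" pkg "\t" ver
            }
            line = substr(line, RSTART + RLENGTH)
        }
    }'
}

# first_seen CVE-ID: oldest version whose entry mentions the CVE (changelogs
# are newest-first, so the last match wins); exit status 1 if it is absent.
first_seen() {
    cve_map | awk -F '\t' -v id="$1" '
        $1 == toupper(id) { v = $3 }
        END { if (v == "") exit 1; print v }'
}

# Demo on the constructed sample; prints three tab-separated lines.
sample_changelog | cve_map
```

On a real system, feed it with: apt-get changelog package-name | cve_map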
3. Checking Available Security Updates and Fixes
To check for available security updates and fixes, you can use the following command:
# sudo apt-get update
# apt list --upgradable | grep "\-security"
The first command updates the package lists from repositories, and the second command lists packages that have available updates, specifically those related to security updates.
4. Checking Enabled Update Types in Unattended-Upgrades
To check which types of updates are enabled in unattended-upgrades, you can examine the configuration files. The main configuration file is located at:
# /etc/apt/apt.conf.d/20auto-upgrades
You can also look for additional configuration files in the "/etc/apt/apt.conf.d/" directory that start with "50unattended-upgrades" to see more specific settings.
Open /etc/apt/apt.conf.d/50unattended-upgrades using vi/vim and modify the line to include only the "security" repository. Edit the line as follows:
# Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; };
5. Installing Security Fixes for a Single Package
To install security fixes for a specific package, you can use the following command:
# sudo apt-get install --only-upgrade package-name
Replace "package-name" with the name of the package you want to update. This command will install the latest available version of the package, including security updates.
6. Installing Security Fixes for All Packages
To install only the security fixes for all packages, you can use the following command:
# sudo unattended-upgrade -v
This command will install only the available security updates, provided Allowed-Origins is restricted to the security repository as shown in step 4.
To upgrade all packages with available updates, security fixes included, you can use the following command:
# sudo apt-get upgrade
This command will upgrade all packages with available updates, including security updates and fixes.
Conclusion
Regularly checking for security updates, understanding the CVEs associated with installed packages, and promptly installing security patches are essential steps to maintain a secure Ubuntu Linux system.
If unattended-upgrade has not yet been set up, you can use the wiki link below to install it and configure Ubuntu Linux so that security updates are installed automatically.
Have a look at setting up unattended-upgrade